CVE-2015-0292

Integer underflow in the EVP_DecodeUpdate function in crypto/evp/encode.c in the base64-decoding implementation in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted base64 data that triggers a buffer overflow. Publish Date : 2015-03-19 Last Update Date : 2015-03-20

- CVSS Scores & Vulnerability Types

CVSS Score

7.5

Confidentiality Impact

Partial(There is considerable informational disclosure.)

Integrity Impact

Partial(Modification of some system files or information is possible, but the attacker does not have control over what can be modified, or the scope of what the attacker can affect is limited.)

Availability Impact

Partial(There is reduced performance or interruptions in resource availability.)

Access Complexity

Low(Specialized access conditions or extenuating circumstances do not exist. Very little knowledge or skill is required to exploit. )

Authentication

Not required(Authentication is not required to exploit the vulnerability.)